Trust Framework for Multi-Domain Authorization
DESCRIPTION
Trust Framework for Multi-Domain Authorization. Building and organising trust amongst a group of service providers and their users. Internet2 Spring Meeting, Arlington, April 25th 2012. Leon Gommans: [email protected]; John Vollbrecht: [email protected]. PowerPoint presentation (transcript follows).
Page 1
Trust Framework for Multi-Domain Authorization
Internet2 Spring Meeting, Arlington, April 25th 2012
Leon Gommans: [email protected]; John Vollbrecht: [email protected]
This work is funded by GigaPort3 / SURFnet / Air France - KLM
Building and organising trust amongst a group of service providers and their users
Page 2
Content
- Introduction
- Evolution of the AAA Authorization Framework
- What is the problem?
- What we learned from MasterCard
- Service Provider Group concept
- A "GLIF" lookalike as hypothetical example
Page 3
Questions from the IRTF AAA Arch work
How to organise a service with multiple organisations?
(Diagram: a User, an Org Group and Governance, with "Agreement? Trust?" marked on the relations between them.)
Page 4
Why are the questions important?
Suppose I want to set up a connection from UvA in Amsterdam to another university or institute. Although possible, setting up connections to any place across the globe is still hard for a scientist (authority, knowledge, payment, etc.).
Can this problem be solved?
• By my network provider on its own? It will be hard, in particular when based on bilateral agreements, different technology standards, policies, fee structures, etc.
• By a network provider as member of a Service Provider Group? We believe it can be.
What is a Service Provider Group?
A Service Provider Group (SPG) is an organisation structured to provide a defined service that is only available if its members collaborate.
Page 5
Imagine how a Network SPG could look
The SPG appears to me as a worldwide connection service such that:
1. The service is provided to me by my local provider acting as SPG agent.
2. I can make connections to places outside my own provider.
3. I trust any connection to work as agreed.
4. I understand the connection characteristics I get.
5. I know the SPG will monitor my connection.
6. I know who to talk to in case of questions or issues.
7. I have an agreed way to deal (financially, operationally) with connection failures.
Page 6
What does joining an SPG mean for my Network Provider?
1. It allows it to make connections to places outside its own domain.
2. It expands usage by enabling connections by customers from other domains.
3. SPG standards ensure consistency of services between domains.
4. SPG policies define monitoring, debugging and auditing of multi-domain connections.
5. SPG regulations ensure fairness amongst providers: resource treatment, value add, competition, risk, etc.
Page 7
Why did we study MasterCard as SPG?

Criterion       eduroam               Skyteam              EGI.eu                          MasterCard
Service         WiFi Internet Access  Airport Priorities   E-Science Grid Operation        Payment & Processing
Maturity        2003                  2000                 2010                            1966
Documentation   public                private              public                          public
Members         36 Federations        15 Airline Partners  30 Countries, 300 Data Centres  25.000+, 210 countries
Risk Involved   Low                   Medium               ?                               High
Level studied   Detailed              Low                  Low                             Detailed
Complexity      Low                   Medium               Medium                          High
Page 8
What does MasterCard do?
Connecting financial institutions, merchants and cardholders with payment processing services.
MasterCard allows its member financial institutions to serve merchants and cardholders with a card payment & processing service that is trusted worldwide.
Page 9
The anatomy of the MC SPG
(Diagram. Organisational level perspective: Enterprise, Authorization and Operation levels. Organisational distribution of power perspective: Legislative, Judicial, Executive, Enforcement and Administration powers, spread between the MasterCard Corporation (Directorate) and the Member Banks, which together form the MC Service Provider Group. The boxes are rooted in National & International Law, Rules and Regulations and in National Law, Rules and Regulations.)
Page 10
Distribution of Power Perspective
Actors: MasterCard Corporation (Directorate) and Member Banks.
- Legislative: Membership, Service, Licenses, Risk Management, Non-compliance, Fees, Chargebacks, Liability, …
- Executive: Rules, Licenses, Messages, Reports, Markings, AML, …
- Enforcement: Membership Agreements, Processes, Monitoring, Fee collection, Appeals, Auditing, …
- Judicial: Arbitration, Penalties, Appeals, …
- Administration: Cardholder Agreement, Merchant Agreement, Disputes, Reports, Auditing, …
Page 11
CC SPG Level Model
Page 12
Why Users Trust MasterCard
(Diagram: User and MasterCard, linked by Agreements. Trust is shown as a Willingness to rely, built from Rational judgement and Emotional judgement of Reputation and of Standards, Rules, Policies and their Enforcement.)
Page 13
Why members trust each other
(Diagram: three Member Banks, each with an Agreement with the MasterCard Corporation, which is labelled with its Reputation; together they form the MC Service Provider Group.)
Page 14
Service Provider Group Characteristics
• A group of member organizations that act together to provide a service none could provide on its own
• To a customer the SPG appears as a single provider
• To members the SPG appears as a collaborative group with standards, rules and policies that are defined and enforced by the group
• SPG has a "Directorate" with Judicial, Legislative and Executive power in and for the SPG
• Customer signs SPG Service Agreement with a member
• Member acts as agent for SPG
Page 15
Three organizational levels – SPG and Customer
– SPG and customer set up service agreement
– SPG authorizes Service based on agreement and resource availability
– SPG provides Service to consumer
Organization levels provide a framework that puts independent functions in separate levels
Page 16
SPG concepts – Directorate provides trust, exercising power in every layer
• Enterprise – Defines service and service agreements; Defines policies
• Authorization – Enforces policies; Assigns providers to service instance
• Operation – Monitors service instances; Supports customer
Page 17
GLIF-like Connection Service SPG
• Service makes connections between users over multiplexed ports from user to SPG
• Providers are networks and exchanges whose connectivity allows them to make the requested connections
• Work on this kind of project is being done at GLIF, OGF NSI WG, GENI, Mantychore, OpenFlow and more
Page 18
Connection SPG - Organization levels
• Enterprise – Defines connection characteristics; Makes/enforces rules and policy; Responsible for actions of other levels
• Authorization – Authorizes connection requests; Assigns providers to requests; Provisions connection instances
• Operation – Controls physical equipment; Monitors and reports on each connection instance
Page 19
GLIF-like Service Provider Group Actors
• Members
– Regional and national network providers
– Exchanges [GOLEs]
– Local or commercial networks – perhaps as associate members
– Organizations that authorize users – not necessarily the same as the members providing networks
• Customers/Users
– Groups or individuals with a "service agreement" with an SPG member
– Professors, researchers or students at the school of a member
– Networks using the SPG to extend their service
• Directorate
– Executive direction of SPG
– Provider policy group
– Operation monitoring group
Page 20
Connection Service SPG Directorate Enterprise Level Activities
• Directorate with Legislative, Judicial and Executive power – for MasterCard it is "the Corporation", for GLIF it is tbd
• Define membership requirements
• Specify common goals as well as resources and capabilities
• Define how users relate to members
• Funding, security requirements
• Establish funding for SPG capabilities
• Define connection parameters and service levels
• Monitor and enforce member-member rules
• Develop and maintain authorization and operation infrastructures and policies
• Set up and monitor all SPG infrastructure operations
Page 21
Trust infrastructure and Connection Transaction Trust
(Diagram: setup of the trust infrastructure on one side, the dynamic connection transaction on the other.)
Page 22
Authorizing GLIF-like Connections
• Customer requests a connection
• Directorate algorithm determines how to satisfy a connection request – uses topology and policy information
• Authorization result: an approved connection for the user, and provisioning for each participating provider agent
• Authorization depends on the policy of participating actors
Page 23
Authorization Transaction
• Customer requestor initiates the transaction
• Agents trust each other within a level because they trust the members
• Requestor is authenticated by its "home" member
• Request is authorized by participating members [tree, chain or a combination may be used]
• Successful authorization results in an "operation provisioning" request
• Transaction path is part of the infrastructure set up by the Enterprise level
Page 24
Authorization Paths
(Diagram: Basic Push Model, Basic Pull Model, Basic Agent Model.)
Transaction Architecture
• Two levels and a path between them
• Levels and path can be implemented independently
• Risk analysis needed of each level independently and then as a whole
• Possible to plug and play level infrastructures
Page 25
Authorization Paths
• Risk analysis of paths is part of the Trust of the SPG
• Authorization and Provisioning vary: inline (pull) vs out-of-band requests; direct (agent) vs ticket (push); security requirements
• Risk and security analysis supports Trust of the SPG
• Cost analysis is a financial performance issue, not a trust issue
Page 26
Level 1 - Operation
• Operation agents control networks and exchanges
• Operation agents set up connections on direction from the Authorization level
• Operation level monitors the connection – reports to customer and Directorate
Page 27
Layer architecture in "Service Provider Organization"
• Enterprise Level initiates and maintains the service creation infrastructure in the Authorization and Operation levels – basis of trust in the other layers
• Authorization Level applies policy to a request – policy of the SPG and of individual members – and creates an "approved instance" that is given to the Operation level
• Operation Level carries out the approved instance – monitors and reports on instances
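The authorization transaction of slide 23 (requestor authenticated by its home member, request authorized by each participating member as a chain, successful authorization producing an "operation provisioning" request), the ticket (push) path of slides 24 and 25, and the Authorization/Operation split of this slide can be made concrete. The Python below is an added example written for this page; it is not code from the presentation, from GLIF, or from the OGF NSI work. It assumes a constructed SPG of three members (NL-NET, XCH-1, US-NET), constructed ports (ams-1, chi-1), constructed policies and user credentials, and one shared HMAC key per member handed out at Enterprise-level setup; every function and field name is the example's own.

```python
import hashlib
import hmac
import json
import uuid

# Enterprise-level setup (constructed, not GLIF/NSI configuration): the
# Directorate's authorization service shares one HMAC key with the operation
# agent of each member. Distributing these keys is the "trust infrastructure".
MEMBER_KEYS = {
    "NL-NET": b"nl-net-demo-key",
    "XCH-1": b"xch-1-demo-key",
    "US-NET": b"us-net-demo-key",
}

# Home-member user directory (constructed); a real member would use its own IdP.
HOME_USERS = {"NL-NET": {"alice": "correct-horse"}}

# Per-member policy the Authorization level must honour (constructed values).
MEMBER_POLICY = {
    "NL-NET": {"max_mbps": 10000, "ports": {"ams-1"}},
    "XCH-1": {"max_mbps": 10000, "ports": set()},  # exchange: transit only
    "US-NET": {"max_mbps": 1000, "ports": {"chi-1"}},
}

# Topology known to the Directorate: the members a connection crosses (constructed).
PATHS = {("ams-1", "chi-1"): ["NL-NET", "XCH-1", "US-NET"]}


def authenticate(home, user, secret):
    """Requestor is authenticated by its home member, not by the SPG."""
    stored = HOME_USERS.get(home, {}).get(user, "")
    return hmac.compare_digest(stored, secret)


def member_decision(member, request, path):
    """One link of the authorization chain: this member's own policy.
    End members must own the port they terminate; everyone caps bandwidth."""
    pol = MEMBER_POLICY[member]
    if request["mbps"] > pol["max_mbps"]:
        return False, f"{member}: {request['mbps']} Mbps exceeds {pol['max_mbps']}"
    if member == path[0] and request["src"] not in pol["ports"]:
        return False, f"{member}: does not own port {request['src']}"
    if member == path[-1] and request["dst"] not in pol["ports"]:
        return False, f"{member}: does not own port {request['dst']}"
    return True, "ok"


def canonical(instance):
    """Deterministic byte encoding of an approved instance, the MAC input."""
    return json.dumps(instance, sort_keys=True, separators=(",", ":")).encode()


def authorize_connection(request):
    """Authorization level. Returns (bundle, reason); bundle is None on denial.
    The bundle is the 'operation provisioning' request: the approved instance
    plus one ticket per participating member (ticket/push model)."""
    if not authenticate(request["home"], request["user"], request["secret"]):
        return None, f"{request['home']}: authentication failed"
    path = PATHS.get((request["src"], request["dst"]))
    if path is None:
        return None, "no path between the requested ports"
    for member in path:  # chain: every member on the path must consent
        ok, reason = member_decision(member, request, path)
        if not ok:
            return None, reason
    instance = {
        "instance_id": uuid.uuid4().hex,
        "user": f"{request['user']}@{request['home']}",
        "src": request["src"], "dst": request["dst"],
        "mbps": request["mbps"], "path": path,
    }
    tickets = {
        m: hmac.new(MEMBER_KEYS[m], canonical(instance), hashlib.sha256).hexdigest()
        for m in path
    }
    return {"instance": instance, "tickets": tickets}, "approved"


def provision(member, bundle):
    """Operation level. A member's agent provisions only an instance that names
    it on the path and whose ticket verifies under the member's own key."""
    instance = bundle["instance"]
    ticket = bundle["tickets"].get(member)
    if ticket is None or member not in instance["path"]:
        return False
    expected = hmac.new(MEMBER_KEYS[member], canonical(instance), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, ticket)


if __name__ == "__main__":
    req = {"home": "NL-NET", "user": "alice", "secret": "correct-horse",
           "src": "ams-1", "dst": "chi-1", "mbps": 800}
    bundle, reason = authorize_connection(req)
    print(reason, [provision(m, bundle) for m in bundle["instance"]["path"]])
    print(authorize_connection(dict(req, mbps=5000))[1])
```

The bundle of approved instance plus per-member tickets is what the push model hands to the requestor to carry, and what the agent model would forward directly; `provision` does not care who delivered it. Each Operation agent recomputes the MAC under its own key, so a tampered instance, a ticket issued for another member, or an instance that does not name the agent on its path is refused before any equipment is touched. Replacing the per-member shared keys with a Directorate signature verified by a public key would let one ticket serve every member, at the cost of a key the Directorate must protect for the whole SPG.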
Page 28
SPG Conclusions
• Enterprise level is needed to establish basic trust relations between members
• Trust requires rules, policy, a Directorate [and funding for the Directorate]
• Separating Authorization and Operation creates infrastructure that can be analyzed and trusted
• Standardized inter-level transaction methods allow risk analysis for each method
Page 29
Questions you might help with
• How does the directorate concept fit the GLIF-like model?
– Is it possible to combine for-profit and not-for-profit organizations?
– What trust is needed, what risks can be taken?
– What rules and policies will need to be in place?
– How does it compare to MC or eduroam?
• Is a ticket or token (push) model useful for the connection service?
• How does scheduling fit the three-level model?
• What is the difference between a user and a member in the connection service?
• Others?